# VERSION 6 - DO NOT REMOVE THIS LINE

RewriteEngine on

# By default forward all requests to /ipa. If you don't want IPA
# to be the default on your web server comment this line out.
# RewriteRule ^/$ https://id{{ env_suffix }}.fedoraproject.org/ipa/ui [L,NC,R=301]

# Redirect to the fully-qualified hostname. Not redirecting to secure
# port so configuration files can be retrieved without requiring SSL.
# RewriteCond %{HTTP_HOST}    !^id{{ env_suffix }}.fedoraproject.org$ [NC]
# RewriteRule ^/ipa/(.*)      http://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301]

# Redirect to the secure port if not displaying an error or retrieving
# configuration.
# RewriteCond %{SERVER_PORT}  !^443$
# RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config|crl)
# RewriteCond %{REQUEST_URI}  !^/ipa/[^\?]+(\.js|\.css|\.png|\.gif|\.ico|\.woff|\.svg|\.ttf|\.eot)$
# RewriteRule ^/ipa/(.*)      https://id{{ env_suffix }}.fedoraproject.org/ipa/$1 [L,R=301,NC]

# Rewrite for plugin index, make it like it's a static file
RewriteRule ^/ipa/ui/js/freeipa/plugins.js$    /ipa/wsgi/plugins.py [PT]

# The following lines break the python-freeipa library that Noggin and FASJSON
# use. Don't enable them until we have found another way to make windows
# browsers happy.
# Maybe something like: https://github.com/gssapi/mod_auth_gssapi#example-1
# # The following disables the annoying kerberos popup for browsers on windows
# RewriteCond %{HTTP_COOKIE} !ipa_session
# RewriteCond %{HTTP_REFERER} ^(.+)/ipa/ui/$
# RewriteRule ^/ipa/session/json$ - [R=401,L]
# RedirectMatch 401 ^/ipa/session/login_kerberos
